Using reported concerns to improve how organisations deal with information rights. Performance Improvement Business Plan 2015 / 16

Transcription

1 Using reported concerns to improve how organisations deal with information rights Performance Improvement Business Plan 2015 / 16

2 Our corporate objectives The ICO has identified the following six objectives in the corporate plan. Delivery of these objectives will help the ICO to achieve its strategic outcomes. Organisations have a better understanding of their information rights obligations. Enforcement powers are used proportionately to ensure improved information rights compliance. Customers receive a proportionate, fair and efficient response to their information rights concerns. Individuals are empowered to use their information rights. The ICO is alert and responsive to changes which impact on information rights. An efficient ICO well prepared for the future. The Performance Improvement Department will support the corporate objectives during by delivering against its business plan. 2

3 Customers receive a proportionate, fair and efficient response to their information rights concerns By providing an efficient service for individuals who want to raise concerns about data protection related issues. We will provide proportionate decisions, explaining where the law has been applied correctly, and taking opportunity to suggest improvements to information rights practices, where it has not. Deal with an intake of circa 14,500 cases during the year. 90% of cases to be closed within 6 months of receipt. No more than 10% of the open caseload to be over 6 months old. No case should take over 12 months to resolve. By providing an efficient service for individuals that want to complain about freedom of information requests made to public authorities. We will provide proportionate decisions, explaining where the law has been applied correctly, and ordering disclosure of information to the public, where it has not. Deal with an intake of circa 5,000 cases during the year. 90% of cases to be closed within 6 months of receipt. No more than 10% of the open caseload to be over 6 months old. 3

4 No case should take over 12 months to resolve. By providing an efficient service for individuals that as us to assess decisions of search engine providers, in connection with delisting requests, ensuring that the outcomes are consistent with DP principles and the law is applied correctly. Deal with an intake of circa 500 cases during the year. 90% of cases to be closed within 6 months of receipt. No more than 10% of the open caseload to be over 6 months old. No case should take over 12 months to resolve 4

5 Organisations better understand their information rights obligations By assessing self-reported incidents in connection with information rights and obligations, reaching decisions whether breaches of relevant legislation have occurred, and taking opportunities to suggest improvements to information rights practices, where appropriate. Deal with an intake of circa 500 incidents per year. 90% of reported incidents to be investigated and concluded within 6 months of receipt. No more than 10% of investigations should be over 6 months old. No investigations should take over 12 months to resolve. By producing sector based improvement activity reports, showing where our intervention has resulted in improved information rights handling. Reports to be published on the ICO website at the end of each quarter. By approaching the most complained about organisations, sharing the information we Links to organisations improvement actions to be 5

6 have collated about public concerns, and asking for improvement plans or statements that show a commitment to delivering against obligations. made available via the ICO website, or published there as evidence of action taken. By considering whether public authorities respond to freedom of information requests in a timely manner and instigating a programme of formal monitoring where appropriate. Formal monitoring to commence where less than 85% of responses are provided within 20 working days. By developing a programme of monitoring for responding to subject access requests, sharing with organisations where we have concerns and asking for evidence of improvement as required. Formal measures are yet to be decided. Individuals are empowered to use their information rights. By ensuring that individuals are encouraged to use on-line self-help tools when appropriate, before raising formal concerns with the ICO. To reduce the number of ineligible complaints handled by the department. 6

7 Enforcement powers are used proportionately to ensure improved information rights compliance By ensuring that organisations sign up to formal undertakings when improvements to information rights practices are required, but more serious enforcement action is not warranted. Formal undertakings to be publicised and shared on the ICO website. Using formal enforcement notices where our informal improvement actions have not produced required outcomes. Formal enforcement notices to be publicised and shared on the ICO website. By utilising our formal information notice powers to obtain information required for our improving practice services. We will review the use of information notices every quarter. An efficient ICO well prepared for the future By using the results of our formal customer satisfaction survey to shape our ongoing improving practice services. Survey to be carried out in quarter 1 7

8 By using the formal audit of the Project Eagle aims and outcomes to shape our improving practice services. Audit to be a carried out in quarter 1 By training and developing our staff so we can effectively and efficiently deliver business outputs, focussing on development activity which adds value and promotes professional growth. Departmental requirements to be provided to Learning and Development Individual training needs to be identified and actioned during the year By developing a collection of core training requirements for the roles within the Performance Improvement department, building on the success of customer service training modules developed in Customer Contact. To have core development plans for each role in place by end of quarter 2. By reviewing our core business plan every quarter and adding work items as appropriate, including adding departmental training requirements to this section as required. Plan to be added to and updated quarterly. 8

9 9

10 Our values We will support delivery of our business plan by living our values. We are: Committed We care about upholding information rights. Team workers We work together as one ICO team, sharing information and expertise. Focused We give priority to activities that make the biggest contribution to achieving our aims. Effective We work to produce high quality and timely outcomes. A model of best practice We do not ask others to do what we are not prepared to do ourselves. Alert We are alert to the views and needs of our stakeholders and to the potential impact of new developments. Fair We treat everybody we deal with fairly and with integrity and respect. We are inclusive in our approach. Always learning We are always learning and developing professionally. 10